#VU224 An out-of-bounds access erorr in imagegif/output in PHP - CVE-2016-5095

Cybersecurity Help s.r.o.

Published: 2016-07-27 | Updated: 2016-08-13

Vulnerability identifier: #VU224

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-5095

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description
The vulnerability allows a remote attacker to cause information disclosure.

The vulnerability exists due to error in imagegif/output function in gd_gif_out.c file that causes out-of-bounds read of the masks array when ctx->cur_bits becomes a negative number. A remote unauthenticated attacker can cause an out-of-bounds access erorr in imagegif/output.

Successful exploitation of this vulnerability may result in information disclosure.

Mitigation
Install the latest versions: (5.5.38, 5.6.24, 7.0.9).

Vulnerable software versions

PHP: 5.5.0 - 5.5.37, 5.6.0 - 5.6.23, 7.0.0 - 7.0.8

External links
https://bugs.php.net/bug.php?id=72519
https://php.net/ChangeLog-5.php#5.5.38
https://php.net/ChangeLog-5.php#5.6.24
https://php.net/ChangeLog-7.php#7.0.9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in PHP